Different Types of BEC Attempts
BEC, which is short for “Business Email Compromise”, is a type of email fraud where criminals use compromised email accounts of high-level employees or executives to trick organizations into wiring money to a bank account controlled by the fraudsters.
Five BEC Scenarios
The Internet Crime Complaint Center (IC3) of the FBI defines five scenarios by which BEC attempts may take place.
1. Fake Invoice Schemes. The victim of this type of scam is usually a business that has a long-standing relationship with a certain supplier or that deals with foreign suppliers. Attackers pretend to be the supplier and request fund transfers to an alternate, fraudulent account.
2. Business Executive Scam (also called CEO, CFO or CTO Fraud). In this scenario the BEC actor compromises the email of a high-level business executive (CEO, CFO, CTO…). Next, the criminal sends a request for an “urgent” money transfer to the employee who usually handles these requests, or even to the company’s bank.
3. Account Compromise. In this case, the attacker hacks a high-level employee’s email account and then sends requests for bogus invoice payments to multiple vendors listed in that employee’s contacts. Payments are requested to be sent to an account controlled by the criminal.
4. Attorney Impersonation. This fraud usually takes place over email or by phone towards the end of the day, to coincide with the close of business of international financial institutions. The criminal contacts the victim identifying themselves as a lawyer in charge of crucial and confidential matters, and pressures the victim to act quickly or secretly.
5. Data Theft. Using a spoofed or compromised email address, the criminal asks someone within HR or accounts, for example, to email them a tax statement, employee details form or other documents containing personally identifiable information (PII). The criminal’s aim is to use this information in future attacks.
Only a Handful of Techniques Used
BEC attacks usually do not require complicated tools or advanced technical knowledge. In short, only a handful of techniques are used. The first is account intrusion, involving malware or phishing to steal the target’s credentials and access their professional email account. The second method uses a simple email. In this case, the criminal typically spends a significant period of time researching and closely monitoring their potential target. Because these emails do not contain any malicious links or attachments, they usually evade traditional detection tools and are mostly based on the criminal’s social engineering skills.
Significant Increase in BEC Attacks
In their Security Predictions for 2020 report published in November 2019, Trend Micro predicted BEC attempts would be on the rise in 2020. In January and February of 2020 alone, Trend Micro has seen the number of BEC attempts increase by 24.3%. Victims range from small businesses to large corporations. The most popular targets within companies, according to Trend Micro’s research, are finance managers, finance directors, finance controllers and CEOs. Not surprisingly, CFO fraud is the most common BEC type in countries such as the US, the UK and Australia. Businesses with an increased awareness and understanding of BEC scams are more likely to recognize these types of attacks. To successfully prevent such scams, a companywide approach is needed: security awareness training, stringent company policies and authentication technology (including 2FA) should be combined.
Expect More Opportunistic Attacks during the Corona Crisis
For most companies, the COVID-19 coronavirus outbreak has already proven to be immensely challenging. Moreover, executives and employees working from home use, in many cases, non-standard communication methods. Consequently, it is now easier to conduct BEC attacks. “IT security teams around the world may be under significant pressure today, as the corporate attack surface expands thanks to mass home working demands in the face of the Covid-19 epidemic,” said Ian Heritage, cloud security architect at Trend Micro. “But now more than ever, they must be on high alert as opportunistic cyberattackers look to strike.”
Other Threats also Alluring
Trend Micro has also detected over two million ransomware attacks in February 2020, a 20% increase from the previous month. Alarmingly, attempts to seed Ryuk ransomware, a high-risk ransomware-type virus, went up from a few hundred to approximately 2,000 detections. Surprisingly, malicious attachments in emails have shrunk by 74% over the same time period: the number of malware-laden emails has dropped from around a million in January to a quarter of a million in February. The next frontier, according to cybersecurity experts, is Artificial Intelligence (AI). Last year, an energy company reported that it was defrauded by scammers who used AI to mimic the voice of the organization’s CEO. It is more and more likely that criminals can and will take advantage of AI and deepfakes in the future to give more credence to their schemes.